The present invention relates to computer managed communication networks such as the World Wide Web (Web) and, particularly, to the protection of open Web sites from requests by malicious users.
The 1990""s decade has been marked by a technological revolution driven by the convergence of the data processing industry with the consumer electronics industry. The effect has, in turn, driven technologies which have been known and available but relatively quiescent over the years. A major one of these technologies is the Internet or Web related distribution of documents, media and programs. The convergence of the electronic entertainment and consumer industries with data processing exponentially accelerated the demand for wide ranging communication distribution channels, and the Web or Internet, which had quietly existed for over a generation as a loose academic and government data distribution facility, reached xe2x80x9ccritical massxe2x80x9d and commenced a period of phenomenal expansion. With this expansion, businesses and consumers have direct access to all matter of documents, media and computer programs.
In order for the Web to reach its full potential as the basic channel for all world wide business and academic transactions and communications, the providers and users of the Web and like networks must be assured an open communication environment, as well as protection of the data that is offered over the Web and the requests made for such data.
With the rise of the Web, there has been an unfortunate increase in the number of malicious users who at the least try to disrupt Web and other network services and at their worst try to steal goods, services and data accessible over the Web. Of course, the industry has been working for many years to eliminate, or at least neutralize, the efforts of such malicious users. These malicious users have, in recent times, been referred to as xe2x80x9ccrackersxe2x80x9d, to distinguish them from xe2x80x9chackersxe2x80x9d who may operate extensively but for benevolent or at least harmless reasons. Conventionally, the industry has tried to limit access to Web site resources by such crackers through security devices such as fire-wall access passwords. However, these devices often irritate and confuse the vast groups of new people using the Web who have little or no computer sophistication. In order for the Web to reach its full potential, it will be necessary to make Web sites offering goods, services or data as open and as easy to access as possible.
The present invention provides a system, method and program for protecting said open Web sites from known malicious users in a Web communication network with access to a plurality of open Web sites responsive to requests from users at IP addresses throughout the Web. There is provided means associated with a protected open Web site for storing a list of the IP addresses of such known malicious users combined with means for comparing the IP addresses of each user requesting access to the protected open Web site to said list of IP addresses of said known malicious users. There are also means responsive to the comparing means for diverting to an alias address for said protected Web site any request from the IP address of a malicious user. The alias address is provided by means associated with the protected open Web site.
The present invention is applicable in circumstances where the malicious users or crackers are already known. This is not unusual since once such users do damage to a particular Web site, their sources, i.e. IP addresses, become apparent and the Web industry is alerted to such rogue IP addresses. Thus, in dealing with a request from any known malicious user, the object is to not tip off the user that the site under assault is taking protective measures. Thus, if the inquiry were met with a rejection or denial of service, then the rogue user could readily alias to another requesting user alias address and continue his attack on the site. With the present diversion to an alias Web site address, all the rogue or cracker would note would be a brief blip, interruption or delay in the service of his request. This would be not unlike any conventional delay interruption that anyone accessing a Web site could experience, rather than a denial in service.
In accordance with another aspect of the present invention, there is provided a plurality of alias addresses rather than a single alias address. With such a plurality of alias addresses, the means for diverting are enabled to respectively divert to each of the plurality of alias addresses, one of a plurality of requests respectively from a corresponding one of a plurality of IP addresses of a plurality of malicious users, whereby the request of each of the malicious users is diverted to a different one of said alias Web site addresses. In this manner, each different requesting malicious user or cracker is individually isolated so that each different requesting user may be individually dealt with.
In addition, the system/method may be set up so that the means associated with the protected open Web site for storing a list of the IP addresses of said known malicious users is associated with a plurality of protected Web sites, i.e. the group of Web sites may share the list storing means as well as the comparing means.
In accordance with a more particular aspect of the present invention, the network system has a server for the protected Web site which includes the means for comparing, the means for providing the alias address and the means for diverting. Also, the means for diverting may further include a router for routing all requests from the malicious users to a safe sub-network at said alias address.